[NT] Sygate Personal Firewall 5.0 IP Spoofing Vulnerability
From: support@securiteam.comDate: 09/18/02
- Previous message: support@securiteam.com: "[NT] Planet Web Software Buffer Overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Wed, 18 Sep 2002 14:55:01 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Sygate Personal Firewall 5.0 IP Spoofing Vulnerability
------------------------------------------------------------------------
SUMMARY
Sygate Personal Firewall 5.0 is a host-based Firewall designed to protect
your PC against attacks from both the Internet, and other computers in the
local network.
Sygate Personal Firewall 5.0 for windows platform contains IP Spoofing
vulnerability. This vulnerability could allow an attacker with a source IP
of 127.0.0.1 to Attack the host protected by Sygate Personal firewall
without being detected. Sygate Personal firewall is having problem
detecting incoming traffic with source IP 127.0.0.1 (loopback address).
DETAILS
Vulnerable systems:
* Sygate Personal Firewall version 5.0
Test diagram:
[*Nix b0x with IP Spoofing scanner / Flooder] <===[10/100mbps switch===>
[Host with SPF]
1] IP Spoofing Vulnerability Default Installation
- SPF is vulnerable with IP Spoofing attack by Scanning the host with a
source IP address 127.0.0.1 or network address 127.0.0.0. The Attacker
could scan or attack the target host without being detected by the
personal firewall. This vulnerability is very serious w/c an attacker
could start a Denial of Service attack against the SPF protected host and
launch any form of attack.
- To those who wants to try to simulate the vulnerability, you may use
source address 127.0.0.1 - 127.0.0.255.
Workaround:
1] Set the SPF to BLOCK ALL mode setting which Abraham does not think the
user would do. This type of setting would block everything all incoming
request and outgoing.
2] Block source address 127.0.0.1 or 127.0.0.0 network address manually in
Advance rules section.
ADDITIONAL INFORMATION
The information has been provided by <mailto:sunninja@scientist.com>
Abraham Lincoln.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[NT] Planet Web Software Buffer Overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
